Bug 137992 - CachedFrame::destroy can detach the page from frames too soon
Status: RESOLVED CONFIGURATION CHANGED
Alias: None
Product: WebKit
Classification: Unclassified
Component: History
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Vicki Pfau
Keywords: InRadar
 
Reported: 2014-10-22 17:38 PDT by Vicki Pfau
Modified: 2022-08-16 18:16 PDT


Attachments
Patch (1.81 KB, patch)
2014-10-22 17:40 PDT, Vicki Pfau
ap: review-

Description Vicki Pfau 2014-10-22 17:38:27 PDT
CachedFrame::destroy contains code that will detach the page, sometimes too soon, causing crashes or assertion failures when teardown code for frames assumes there is still an attached page.

<rdar://problem/18550647>
Comment 1 Vicki Pfau 2014-10-22 17:40:18 PDT
Created attachment 240313
Patch
Comment 2 Alexey Proskuryakov 2014-10-22 19:44:40 PDT
Comment on attachment 240313
Patch

This appears to break tests:

  fast/loader/image-in-page-cache.html [ Crash Timeout Pass ]
  fast/frames/frame-crash-with-page-cache.html [ Timeout ]
Comment 3 Ahmad Saleem 2022-08-08 16:05:22 PDT
I can see the following code being present in WebKit source from GitHub:

https://github.com/WebKit/WebKit/blob/75043d22e2b75e0018914f38ab381214f048dba2/Source/WebCore/history/CachedFrame.cpp#L261

Although line order is different and it was done in this commit:

https://github.com/WebKit/WebKit/commit/8506cd994976591f9a1db0dc5c10fc698768687f#diff-24fdd2b5535690eeec8038c328da95c097199ec9f376593c366505033eb18931

Considering this change landed in one way or form, I am going to mark this bug as "RESOLVED WONTFIX". Thanks!